Ostheimer Child Height Predictor
- <= 1.3
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Child Height Predictor by Ostheimer WordPress plugin, affecting all versions through 1.3. The vulnerability arises from a lack of nonce verification in the options() function, which manages plugin settings updates. Without proper nonce validation, unauthenticated attackers can manipulate site administrators into submitting forged POST requests that alter plugin settings, such as unit preferences, which are then saved to the database.
Exploitation of this vulnerability allows for unauthorized changes to the plugin's settings, which are persisted in the WordPress database. This could lead to incorrect data being displayed or used within the site, depending on the nature of the changed settings.
To reproduce this vulnerability, an attacker can create a link or a page that, when clicked or visited by an administrator, sends a forged POST request to update the Child Height Predictor plugin's settings. The request can be crafted to change preferences such as measurement units, exploiting the absence of nonce verification to bypass normal security checks.
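The missing check described above and its fix, shown as an added PHP example that is not the plugin's own code; the `chp_` function, option and field names are hypothetical placeholders standing in for the plugin's options() handler and its unit preference:

```php
<?php
// Added example (not the plugin's code). Option/field names are hypothetical.

// Vulnerable pattern: any POST to the settings page is trusted. No nonce and
// no capability check, so a forged cross-site POST sent by a logged-in
// administrator's browser is saved to the database.
function chp_options_vulnerable() {
    if ( isset( $_POST['chp_units'] ) ) {
        update_option( 'chp_units', sanitize_text_field( wp_unslash( $_POST['chp_units'] ) ) );
    }
    // ... render settings form ...
}

// Hardened form of the same handler.
function chp_options_hardened() {
    if ( isset( $_POST['chp_units'] ) ) {
        // 1. Only users allowed to manage options may change settings.
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( esc_html__( 'Insufficient permissions.', 'chp' ) );
        }
        // 2. The request must carry a nonce minted for this action; a forged
        //    cross-site request cannot supply it. check_admin_referer() calls
        //    wp_die() when the nonce is missing or invalid.
        check_admin_referer( 'chp_save_settings', 'chp_nonce' );
        // 3. Validate against an allow-list instead of storing raw input.
        $units = sanitize_text_field( wp_unslash( $_POST['chp_units'] ) );
        if ( in_array( $units, array( 'metric', 'imperial' ), true ) ) {
            update_option( 'chp_units', $units );
        }
    }
    // The legitimate form must emit the nonce field so normal saves pass.
    echo '<form method="post">';
    wp_nonce_field( 'chp_save_settings', 'chp_nonce' );
    echo '<select name="chp_units">'
       . '<option value="metric">cm</option>'
       . '<option value="imperial">in</option>'
       . '</select>';
    submit_button();
    echo '</form>';
}
```

The capability check alone does not stop CSRF, since the forged request rides on the administrator's own session; the nonce is what ties the POST to a form the site itself rendered.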